示例#1
0
    def _VerifyResponseIntegrityFields(self, req, resp):
        """Verifies integrity fields in response."""

        # Verify plaintext checksum.
        if not crc32c.Crc32cMatches(resp.plaintext, resp.plaintextCrc32c):
            raise e2e_integrity.ClientSideIntegrityVerificationError(
                e2e_integrity.GetResponseFromServerCorruptedErrorMessage())
示例#2
0
    def _VerifyResponseIntegrityFields(self, req, resp):
        """Verifies integrity fields in MacSignResponse."""

        # Verify resource name.
        if req.name != resp.name:
            raise e2e_integrity.ResourceNameVerificationError(
                e2e_integrity.GetResourceNameMismatchErrorMessage(
                    req.name, resp.name))

        # data_crc32c was verified server-side.
        if not resp.verifiedDataCrc32c:
            raise e2e_integrity.ClientSideIntegrityVerificationError(
                e2e_integrity.GetRequestToServerCorruptedErrorMessage())

        # Verify mac checksum.
        if not crc32c.Crc32cMatches(resp.mac, resp.macCrc32c):
            raise e2e_integrity.ClientSideIntegrityVerificationError(
                e2e_integrity.GetResponseFromServerCorruptedErrorMessage())
示例#3
0
  def _VerifyResponseIntegrityFields(self, req, resp):
    """Verifies integrity fields in AsymmetricSignResponse."""

    # TODO(b/170470282) Uncomment when the server populates the name field.
    # # Verify resource name.
    # if req.name != resp.name:
    #   raise e2e_integrity.ResourceNameVerificationError(
    #       e2e_integrity.GetResourceNameMismatchErrorMessage(
    #           req.name, resp.name))

    # digest_crc32c was verified server-side.
    if not resp.verifiedDigestCrc32c:
      raise e2e_integrity.ClientSideIntegrityVerificationError(
          e2e_integrity.GetRequestToServerCorruptedErrorMessage())

    # Verify signature checksum.
    if not crc32c.Crc32cMatches(resp.signature, resp.signatureCrc32c):
      raise e2e_integrity.ClientSideIntegrityVerificationError(
          e2e_integrity.GetResponseFromServerCorruptedErrorMessage())
示例#4
0
    def _VerifyResponseIntegrityFields(self, req, resp):
        """Verifies integrity fields in EncryptResponse.

    Note: This methods assumes that self._PerformIntegrityVerification() is True
    and that all request CRC32C fields were pupolated.
    Args:
      req: messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysEncryptRequest()
        object
      resp: messages.EncryptResponse() object.

    Returns:
      Void.
    Raises:
      e2e_integrity.ServerSideIntegrityVerificationError if the server reports
      request integrity verification error.
      e2e_integrity.ClientSideIntegrityVerificationError if response integrity
      verification fails.
    """

        # Verify resource name.
        # Strip version from resp.name if --key was provided.
        resp_name = self._MaybeStripResourceVersion(req.name, resp.name)
        if req.name != resp_name:
            raise e2e_integrity.ResourceNameVerificationError(
                e2e_integrity.GetResourceNameMismatchErrorMessage(
                    req.name, resp_name))

        # plaintext_crc32c was verified server-side.
        if not resp.verifiedPlaintextCrc32c:
            raise e2e_integrity.ClientSideIntegrityVerificationError(
                e2e_integrity.GetRequestToServerCorruptedErrorMessage())

        # additional_authenticated_data_crc32c was verified server-side.
        if not resp.verifiedAdditionalAuthenticatedDataCrc32c:
            raise e2e_integrity.ClientSideIntegrityVerificationError(
                e2e_integrity.GetRequestToServerCorruptedErrorMessage())

        # Verify ciphertext checksum.
        if not crc32c.Crc32cMatches(resp.ciphertext, resp.ciphertextCrc32c):
            raise e2e_integrity.ClientSideIntegrityVerificationError(
                e2e_integrity.GetResponseFromServerCorruptedErrorMessage())
示例#5
0
    def _VerifyResponseIntegrityFields(self, req, resp, use_digest=True):
        """Verifies integrity fields in AsymmetricSignResponse."""

        # Verify resource name.
        if req.name != resp.name:
            raise e2e_integrity.ResourceNameVerificationError(
                e2e_integrity.GetResourceNameMismatchErrorMessage(
                    req.name, resp.name))

        if use_digest:
            # digest_crc32c was verified server-side.
            if not resp.verifiedDigestCrc32c:
                raise e2e_integrity.ClientSideIntegrityVerificationError(
                    e2e_integrity.GetRequestToServerCorruptedErrorMessage())
        else:
            # data_crc32c was verified server-side.
            if not resp.verifiedDataCrc32c:
                raise e2e_integrity.ClientSideIntegrityVerificationError(
                    e2e_integrity.GetRequestToServerCorruptedErrorMessage())

        # Verify signature checksum.
        if not crc32c.Crc32cMatches(resp.signature, resp.signatureCrc32c):
            raise e2e_integrity.ClientSideIntegrityVerificationError(
                e2e_integrity.GetResponseFromServerCorruptedErrorMessage())